This vulnerability is present in versions of perl included with Red Hat Virtualization Hypervisor and Management Appliance, however it is not exposed in any meaningful way. Perl is only included in these images as a dependency of components which do not manipulate ENV, and are not exposed to user input. A future update may address this issue.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||8.1|
|CVSS3 Base Metrics||CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H|
Affected Packages State
|Red Hat Virtualization 4||rhevm-appliance||Fix deferred|
|Red Hat Virtualization 4||redhat-virtualization-host||Fix deferred|
|Red Hat Software Collections for Red Hat Enterprise Linux||rh-perl524-perl||Affected|
|Red Hat Software Collections for Red Hat Enterprise Linux||rh-perl526-perl||Affected|
|Red Hat OpenShift Enterprise 3||perl||Under investigation|
|Red Hat Enterprise Linux 7||perl||Affected|
|Red Hat Enterprise Linux 6||perl||Will not fix|
|Red Hat Enterprise Linux 5||perl||Will not fix|
AcknowledgementsRed Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter.
CVE description copyright © 2017, The MITRE Corporation